CVE-2024-3400

Published Apr 12, 2024

Last updated 2 days ago

Exploit knownCVSS critical 10.0

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-3400 is a command injection vulnerability affecting the GlobalProtect feature in Palo Alto Networks PAN-OS software. It allows an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. The vulnerability stems from arbitrary file creation within the GlobalProtect feature. The vulnerability affects specific versions of PAN-OS configured with GlobalProtect gateway or GlobalProtect portal. Exploitation involves injecting malicious code into the program, potentially leading to unauthorized command execution and complete control of the affected system. Cloud NGFW, Panorama appliances, and Prisma Access are not affected.

Description
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Source
psirt@paloaltonetworks.com
NVD status
Modified
Products
pan-os

Insights

Analysis from the Intruder Security Team
Published Oct 15, 2024

The serious vulnerability affects a number of Palo Alto GlobalProtect devices which utilize device analytics. Active exploitation of this vulnerability has been witnessed by a number of organizations.

More information is available in our blog post here.

Risk scores

CVSS 3.1

Type
Primary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Palo Alto Networks PAN-OS Command Injection Vulnerability
Exploit added on
Apr 12, 2024
Exploit action due
Apr 19, 2024
Required action
Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.

Weaknesses

psirt@paloaltonetworks.com
CWE-20
nvd@nist.gov
CWE-77

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. 🔥 PAN-OS GlobalProtect sigue vulnerable CVE-2024-3400 (CVSS 10.0) permite control total sin autenticación. Hay parches y firmas, pero miles de firewalls siguen expuestos. ¿Ya actualizaste? #Ciberseguridad #PaloAlto #PANOS #GlobalProtect #infosec https://t.co/YetYxMw7ck

    @trustlock_sec

    8 Oct 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Surge in attacks targeting Palo Alto Networks' PAN-OS devices, exploiting vulnerabilities like CVE-2024-3400. Company urges immediate patching. Source: TechRadar #Cybersecurity

    @WhatsNext_Tech

    7 Oct 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Ransomware surges, Russian hybrid warfare drones, major leaks, and AI-powered scams dominate cyber headlines this hour 🚨 🛡️ Massive exploitation of critical PAN-OS GlobalProtect flaw (CVE-2024-3400, CVSS 10.0) allowing root remote code execution on Palo Alto firewalls is

    @np_cyber_news

    3 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. ⚠️ Weekly vuln radar from https://t.co/8RzyA4nEyg: CVE-2024-3400 (@stevenadair) CVE-2025-24132 CVE-2025-43300 CVE-2025-5777 CVE-2025-55177 CVE-2023-34044 (@pr0Ln) CVE-2023-20870 CVE-2025-10035 CVE-2025-20333 https://t.co/Z18UZ0WhOF

    @ptdbugs

    3 Oct 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🛡️ Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400), (Mon, Sep 29th) (SANS Internet Storm Center) ❓ How can you best mitigate risks from the CVE-2024-3400 vulnerability in Palo Alto's Global Protect software? Learn more at dilag3nt[.]com

    @Dilag3nt

    2 Oct 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🛡️ Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400), (Mon, Sep 29th) (SANS Internet Storm Center) ❓ What is the primary threat associated with CVE-2024-3400 in Palo Alto Networks' Global Protect? Learn more at dilag3nt[.]com

    @Dilag3nt

    2 Oct 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 Hackers Actively Scanning to Exploit Palo Alto Networks PAN-OS Global Protect Vulnerability Read more: https://t.co/VtsR7zsUQK… A significant increase in internet-wide scans targeting the critical PAN-OS GlobalProtect vulnerability (CVE-2024-3400). Exploit attempts hav

    @sirjameshackz

    2 Oct 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. https://t.co/vWwhHpc0gB Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400)

    @samilaiho

    1 Oct 2025

    422 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 Hackers Actively Scanning to Exploit Palo Alto Networks PAN-OS Global Protect Vulnerability Read more: https://t.co/ZYXvYxP5G1 A significant increase in internet-wide scans targeting the critical PAN-OS GlobalProtect vulnerability (CVE-2024-3400). Exploit attempts have h

    @The_Cyber_News

    1 Oct 2025

    14552 Impressions

    89 Retweets

    236 Likes

    75 Bookmarks

    3 Replies

    3 Quotes

  11. CRITICAL ALERT! A Zero-Day RCE Exploit Wave is actively hitting Palo Alto Networks GlobalProtect (CVE-2024-3400). Attackers are moving fast. If you run GlobalProtect, your network perimeter is compromised. Read the full report on - https://t.co/8y07evICHd https://t.co/IxaNRwIaBv

    @Iambivash007

    1 Oct 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Explotación activa de vulnerabilidad crítica en PAN-OS GlobalProtect (CVE-2024-3400) Mas información: https://t.co/8t28bWgELL https://t.co/OJBwsTq0a3

    @CSIRT_Telconet

    30 Sept 2025

    115 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. IMMEDIATE SHUTDOWN! The critical Palo Alto PAN-OS Flaw (CVE-2024-3400) is under ACTIVE EXPLOITATION. We break down the threat and provide the mandatory Mitigation Steps required to stop the breach. Read the full report on - https://t.co/7sZC2vEs9d https://t.co/kexMmoWI5S

    @Iambivash007

    29 Sept 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400), (Mon, Sep 29th) https://t.co/ajII9C0fWF #SANS #Cybersecurity https://t.co/fFWUqp1Nm3

    @PoseidonTPA

    29 Sept 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400) https://t.co/FOnjZu31LP https://t.co/rPoHn2AbdM

    @sans_isc

    29 Sept 2025

    1400 Impressions

    0 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  16. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    29 Sept 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    28 Sept 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    26 Sept 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    25 Sept 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    24 Sept 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    23 Sept 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  22. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    19 Sept 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Salt Typhoon hid inside U.S. Army National Guard networks for 9 months. No malware. No alerts. Just broken fundamentals. Here are 5 urgent lessons every organization must act on to avoid being next👇 1️⃣ Don’t wait for 0-days. Patch known CVEs CVE-2024-3400 and CVE-20

    @HunterStrategy

    15 Sept 2025

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. CVE-2024-3400 Palo Alto Networks PAN-OS命令注入漏洞 5月12日的是看到 paloaltonetworks 有一个安全公告[1], CVE编号是 CVE-2024-3400, 漏洞是一个命令注入,影响的版本 技术联系:https://t.co/9tTNUWam4h https://t.co/rxy44TfeUB

    @TTUinnn1

    11 Sept 2025

    4120 Impressions

    0 Retweets

    53 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CVE-2024-3400 Palo Alto Networks PAN-OS命令注入漏洞 5月12日的是看到 paloaltonetworks 有一个安全公告[1], CVE编号是 CVE-2024-3400, 漏洞是一个命令注入,影响的版本 https://t.co/HmWGk77OHd https://t.co/KV4ORFludU

    @Gerva555

    1 Sept 2025

    2224 Impressions

    0 Retweets

    33 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    27 Jul 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    8 May 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    7 May 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    6 May 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    5 May 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    4 May 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  32. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    30 Apr 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  33. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    28 Apr 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  34. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    27 Apr 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    26 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  36. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    26 Apr 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  37. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    25 Apr 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  38. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    25 Apr 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  39. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    23 Apr 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  40. +24,000 IPs Target PAN-OS Global Protect Gateways Researchers have observed nearly 24,000 IP addresses probing for vulnerable Palo Alto Networks PAN-OS devices following disclosure of a zero-day (CVE-2024-3400). The flaw allows unauthenticated command execution via the

    @WarrenTevora

    7 Apr 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Researchers have observed nearly 24,000 IP addresses probing for vulnerable Palo Alto Networks PAN-OS devices following disclosure of a zero-day (CVE-2024-3400). The flaw allows unauthenticated command execution via the GlobalProtect portal, potentially exposing internal systems.

    @WarrenTevora

    7 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Mass scanning alert: 24,000+ IPs targeting Palo Alto GlobalProtect (PAN-OS) VPNs in coordinated login attempts. Likely probing for CVE-2024-3400 exploits. Defenders: check auth logs NOW. Details: https://t.co/eiRJ8LSpVB #CyberSecurity #ThreatIntel

    @adriananglin

    1 Apr 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. 🚨 Critical alert: CVE-2024-3400 in Palo Alto PAN-OS is being actively exploited, allowing root-level code execution. Updates are available—patch now! Details: https://t.co/AG46iiG3Kp #CVE-2024-3400 #Cybersecurity

    @RedTeamNewsBlog

    24 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 🚨 China-backed Silk Typhoon is shifting tactics! Now targeting IT supply chains via stolen API keys & cloud app credentials. They hit MSPs, healthcare, govt & more. Key exploits: Ivanti VPN (CVE-2025-0282), Palo Alto firewalls (CVE-2024-3400), Citrix (CVE-2023-3519).

    @hacktoria

    7 Mar 2025

    376 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  45. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    4 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  46. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    28 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  47. On April 18, 2024, a critical vulnerability (CVE-2024-3400) in Palo Alto’s GlobalProtect products was actively exploited, leading to data breaches in organizations worldwide. This incident underscores the urgent need for robust online security measures. A VPN encrypts your… http

    @KristianSa45904

    14 Jan 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 2024 已经快结束了, 简单总结下吧 一、工作和学习: (1) obsidian 更新或记录了近60篇笔记, 但是博客只更新了 5篇 (2) 漏洞挖掘和漏洞分析方面,基本分析了一年来热度笔记大的安全设备漏洞或者安全事件比如 CVE-2024-21762 、CVE-2024-3400… https://t.co/AJk1Q80OSc

    @bestswngs

    31 Dec 2024

    1368 Impressions

    0 Retweets

    21 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  49. Continuing with the Sec Analyst Path on the @LetsDefendIO platform, we tackle an alert for an "Palo Alto Networks PAN-OS Command Injection Vulnerability Exploitation (CVE-2024-3400)". Was this simply a false positive or possibly something more malicious? https://t.co/etxteF6h6l

    @InfoSec_Bret

    28 Dec 2024

    65 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. 私的2024年の悪用があった脆弱性3選。 ・Ivanti Connect Secure の複数の脆弱性(CVE-2023-46805等) ・PAN-OSの脆弱性(CVE-2024-3400) ・FortiManagerの脆弱性(CVE-2024-47575) どれも悪用済からの情報公開でパッチと共にまず侵害有無を調査すべきだが、しなくて侵害に気がついてない組織も多かった。

    @Sec_S_Owl

    19 Dec 2024

    1377 Impressions

    1 Retweet

    25 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.